
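What is Spring Boot Admin

Spring Boot Admin is a community project, created by codecentric, for managing and monitoring your Spring Boot applications. Applications register through the Spring Boot Admin Client, either over HTTP or through Spring Cloud service discovery (for example Eureka or Consul). The Spring Boot Admin UI is just an AngularJs application on top of the Spring Boot Actuator endpoints that presents them graphically.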

Versions

SpringBoot 2.0.1.RELEASE
SpringBootAdmin 2.0.0-SNAPSHOT
Configuration files changed in some respects from Spring Boot 2.0 onward; this article does not apply to versions before 2.0.

Integration with a Spring Boot project

Admin server configuration

1. Add the Maven dependencies to pom.xml

<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
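PS: spring-boot-admin-starter-server pulls in two dependencies, spring-boot-admin-server and spring-boot-admin-server-ui.

2. Enable the @EnableAdminServer annotation

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import de.codecentric.boot.admin.server.config.EnableAdminServer;

// @EnableAdminServer turns this Spring Boot application into the Admin server
@SpringBootApplication
@EnableAdminServer
public class AdminServerSpringStrap {
    public static void main(String[] args) {
        SpringApplication.run(AdminServerSpringStrap.class, args);
    }
}
PS: If the annotated configuration is pulled in through Spring Boot auto-configuration, add @AutoConfigureBefore({AdminServerAutoConfiguration.class}); otherwise the @EnableAdminServer annotation has no effect.

The Admin server is now configured.

Admin client configuration

1. Add the Maven dependency to pom.xml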

<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-client</artifactId>
</dependency>

2. application.yml configuration

---
spring:
  profiles: client
  application:
      name: client
  boot:
    admin:
      client:
        url: "http://localhost:8080/"    # Admin server address; change it to match your environment
server:
  port: 8081
management:
  endpoints:
    web:
      exposure:
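        include: "*"    # expose all Spring Boot Actuator monitoring endpoints
PS: From Spring Boot 2.0 onward most endpoints are not exposed by default. The configuration above exposes all of them; for production use, given the security implications, expose only the Actuator endpoints you need.

The Admin client is now configured.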

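Screenshots of the running application

  • Admin home page

Admin UI start page

  • Admin client detailed monitoring page

Admin UI page showing a client's detailed monitoring information

Adding Spring Security for access control

Add the Maven dependency to pom.xml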

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
Add it to every project that needs access control.
I. Access control on the Admin client only

1. Admin client application.yml configuration

---
spring:
  profiles: client
  application:
      name: client
  boot:
    admin:
      client:
        url: "http://localhost:8080"
        instance:
          metadata:
            user.name: ${spring.security.user.name}
            user.password: ${spring.security.user.password}
  security:
    user:
      name: client
      password: client
server:
  port: 8081
management:
  endpoints:
    web:
      exposure:
        include: "*"
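PS:
The properties under security set the username and password for HTTP Basic authentication.
The properties under instance.metadata send this client's username and password to the Admin server, so that the Admin server includes those credentials in its requests. If the password here differs from the one under security, the server will not be authorized to access the client's monitoring endpoints.

Once this is configured, start the client; the server's requests to the client's monitoring endpoints will carry the credentials the client passed along. That completes this setup.

II. Access control on both the Admin server and the client

1. Add the Spring Security configuration to the Admin server

Add the @EnableWebSecurity annotation to the launcher class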
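// Static nested class: declare it inside an enclosing class (for example the launcher class).
// The imports belong at the top of that file.
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

@Configuration
public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        // After login, send the user back to the page named by the redirectTo parameter
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");

        http.authorizeRequests()
            // Static assets and the login page are reachable without authentication
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            // Every other request requires an authenticated user
            .anyRequest().authenticated()
            .and()
        .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
        .logout().logoutUrl(adminContextPath + "/logout").and()
        // HTTP Basic lets Admin clients authenticate when they register
        .httpBasic().and()
        // CSRF protection is turned off for the whole Admin server
        .csrf().disable();
        // @formatter:on
    }
}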

2. Admin server application.yml configuration

---
spring:
  profiles: admin
  application:
    name: admin
  security:
    user:
      name: admin
      password: admin
server:
  port: 8080
management:
  endpoints:
    web:
      exposure:
        include: "*"

3. Admin client application.yml configuration

---
spring:
  profiles: client
  application:
      name: client
  security:
    user:
      name: client
      password: client
  boot:
    admin:
      client:
        url: "http://localhost:8080"
        instance:
          metadata:
            user.name: ${spring.security.user.name}
            user.password: ${spring.security.user.password}
        username: admin
        password: admin
server:
  port: 8081
management:
  endpoints:
    web:
      exposure:
        include: "*"
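PS: The client adds the spring.boot.admin.client.[username,password] settings, which carry the Admin server's credentials; without them the client cannot register with the Admin server. The rest of the configuration is the same as in the previous section, where only the Admin client is access-controlled.

If the Admin server should register with itself, make the Admin server's application.yml match the client's.

The Spring Security access control configuration is now complete.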
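The script below is an added example, not part of the original article or of the Spring Boot Admin project: a pre-deployment check for application.yml files of the shape used above. It flags the wildcard Actuator exposure that the earlier PS cautions about, credentials (instance.metadata and spring.boot.admin.client.username/password) that would be sent to a non-loopback Admin server over plain http, and passwords identical to their username. The finding names, the host admin.example.internal and the minimal YAML flattener are assumptions made for this example; a real pipeline would use a full YAML parser.

```python
import re
from urllib.parse import urlparse
# Constructed sample: a trimmed client application.yml built from this page's keys.
SAMPLE = """\
spring:
  boot:
    admin:
      client:
        url: "http://admin.example.internal:8080"   # constructed non-loopback host
        instance:
          metadata:
            user.name: ${spring.security.user.name}
            user.password: ${spring.security.user.password}
        username: admin
        password: admin
management:
  endpoints:
    web:
      exposure:
        include: "*"
"""

def flatten(text):  # nested block mappings only (the YAML subset used here) -> dotted keys
    props, stack = {}, []  # stack holds (indent, key) for each open parent mapping
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([^\s:#-][^:]*):\s*(.*)$", re.sub(r"\s+#.*$", "", raw))
        if not m:
            continue  # blank line, comment, "---" separator or list item
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3).strip("\"' ")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value:
            props[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return props

def audit(text):
    p, out = flatten(text), []
    if p.get("management.endpoints.web.exposure.include") == "*":
        out.append("ACTUATOR_WILDCARD")  # every Actuator endpoint is exposed over HTTP
    url = urlparse(p.get("spring.boot.admin.client.url", ""))
    has_creds = any(k.startswith("spring.boot.admin.client.") and k.endswith("password") for k in p)
    if url.scheme == "http" and has_creds and url.hostname not in ("localhost", "127.0.0.1", "::1"):
        out.append("CREDENTIALS_OVER_HTTP")  # registration would carry passwords unencrypted
    for k, v in p.items():
        base, _, leaf = k.rpartition(".")
        if leaf == "password" and v in (p.get(base + ".name"), p.get(base + ".username")):
            out.append("PASSWORD_EQUALS_USERNAME:" + k)
    return out
```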

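Integration with a Spring Cloud project (Eureka)

This article only covers the configuration for integrating Spring-Boot-Admin with Eureka; for integrating Eureka itself, watch for my follow-up articles.

1. Maven dependencies
For the Spring-Boot-Admin dependencies, see the instructions above.

2. Admin server configuration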

spring:
  application:
    name: server-admin
  security:
    user:
      name: admin
      password: admin
server:
  port: 9888
eureka:
  client:
    service-url:
      defaultZone: ${EUREKA_SERVICE_URL:http://localhost:8761}/eureka/
    registry-fetch-interval-seconds: 5
  instance:
    metadata-map:
      user.name: ${spring.security.user.name}
      user.password: ${spring.security.user.password}
    lease-renewal-interval-in-seconds: 10
    health-check-url-path: /actuator/health
management:
  endpoints:
    web:
      exposure:
        include: "*"
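The configuration is essentially the same as for the Spring Boot project; the difference is that the Admin server is registered with the Eureka registry. This configuration includes access control; trim it as needed.

3. Admin client configuration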

spring:
  application:
    name: service-hi
  security:
    user:
      name: client
      password: client
server:
  port: 8762

eureka:
  client:
    service-url:
      defaultZone: ${EUREKA_SERVICE_URL:http://localhost:8761}/eureka/
    registry-fetch-interval-seconds: 5
  instance:
    metadata-map:
      user.name: ${spring.security.user.name}
      user.password: ${spring.security.user.password}
    lease-renewal-interval-in-seconds: 10
    health-check-url-path: /actuator/health
management:
  endpoints:
    web:
      exposure:
        include: "*"
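The configuration is essentially the same as for the Spring Boot project; the difference is that the Admin client is registered with the Eureka registry. This configuration includes access control; trim it as needed. If the client and the server are registered with the same registry, the client does not need to specify the server's address or configure the server's credentials.

The integration of Spring-Boot-Admin with Eureka is now complete.

Additional notes

  • GitHub repository of the project author codecentric: spring-boot-admin
  • Project guide written by codecentric: Spring Boot Admin Reference Guide
  • Maven repository for the admin project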

    <repository>
        <id>sonatype-nexus-snapshots</id>
        <name>Sonatype Nexus Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
        <releases>
            <enabled>false</enabled>
        </releases>
    </repository>

Blueye